RHEL 7 : kernel (RHSA-2017:2437)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A use-after-free flaw was found in the Linux kernel which enables a
race condition in the L2TPv3 IP Encapsulation feature. A local user
could use this flaw to escalate their privileges or crash the system.
(CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in
keyring.c if type->match is NULL. A local user could use this flaw to
crash the system or, potentially, escalate their privileges.
(CVE-2017-2647, Important)

* It was found that the NFSv4 server in the Linux kernel did not
properly validate layout type when processing NFSv4 pNFS LAYOUTGET and
GETDEVICEINFO operands. A remote attacker could use this flaw to
soft-lockup the system and thus cause denial of service.
(CVE-2017-8797, Important)

* The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel
before 4.5 allows local users to cause a system crash and a denial of
service by the NULL pointer dereference via accept(2) system call for
AF_ALG socket without calling setkey() first to set a cipher key.
(CVE-2015-8970, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
(Virtuozzo) for reporting CVE-2017-2647 and Igor Redko (Virtuozzo) and
Vasily Averin (Virtuozzo) for reporting CVE-2015-8970.

Bug Fix(es) :

* When running the LPAR with IBM Power 8 SMT8 mode, system performance
degradation occurred due to the load getting spread across threads
from the same core. The provided patches fix scheduler performance
issues and assure the load is spread across cores, thus improving the
system performance significantly. (BZ#1434853)

* Upon reboot, the bond slave with some network adapter ports became
unresponsive in the backup state and never proceeded to the active
state. As a consequence, the bond slave never transmitted any LACP PDU
and the bond interface was never produced properly. With this update,
the i40e network driver has been fixed for long link-down notification
time and the bond slave now transmits LACP PDUs as expected.

* When attempting to configure two or more Ethernet adapter cards
using Virtual Function I/O (VFIO) in the KVM guest, subsequent KVM
guests previously failed to boot returning an error message. The
provided patch adds the ability of VFIO to support more than one card
in the KVM guest environment. (BZ#1447718)

* It is possible to define the CPUs in which unbound kworkers can run
by setting a 'mask' in a specific file in the sysfs file system,
helping on CPU isolation. However, this setup did not work properly,
and unbounded kworkers were being activated on CPUs in which they were
set to _NOT_ run. The provided patchset prevents unbound kworkers from
being run on CPUs that are masked, thus fixing this bug. (BZ#1458203)

* Due to a regression, the kernel previously failed to create the
/sys/block/ /devices/enclosure_device symlinks. The provided patch
corrects the call to the scsi_is_sas_rphy() function, which is now
made on the SAS end device, instead of the SCSI device. (BZ#1460204)

* Previously, the system panic occurred when running mkfs.ext4 on
newly created software RAID1 partitions on SATA SDD drives. The
provided patch ensures the ext4 file system is created on the /dev/md0
partition and is mounted there successfully. (BZ#1463359)

See also :


Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 5.8
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 102349 ()

Bugtraq ID:

CVE ID: CVE-2015-8970

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now